Radio frequency identification (RFID) is a high-potential enabling technology that can radically change the way that information is gathered about the physical world. RFID tags are typically used to identify multiple objects without requiring line of sight or manual intervention. With RFID, a pallet of goods within the supply chain can be inventoried without unloading or unpacking the pallet. Embedded into consumer products, RFID can provide the customer with a new shopping experience by permitting queue-free checkout and suppressing counterfeiting. After the initial point of sale, the RFID tag may be used by the consumer to enable services within their home, or used for product returns, recycling and secondhand sales. Automated identification devices have already been used successfully in libraries and media rental companies to improve the efficiency of rotating inventory systems. In the future, we may see many more items being tagged, and many new applications being enabled. RFID deployment is likely to have an impact on consumer purchasing habits. Consumers can obtain better product information by looking up the tag ID on the Internet. RFID promises to allow receipt-free returns and to reduce post-sale theft. However, alongside these expected advantages, RFID technology has raised concerns in terms of privacy. For an introduction to RFID systems, their components and operations, the reader is referred to the paper by Sarma, Weis and Engels whose publication is referenced below and which is incorporated by this reference.
The fact that RFID tags can be read without requiring line of sight, and can be invisibly embedded in consumer products, makes it hard to control the privacy of the information they carry. For ubiquitous application, tags have to be cheap (compromising their ability to provide security) and have to be read at high speeds simultaneously (making it difficult to mandate complex notifications and authorisations). Privacy risks lead to two fundamental requirements: preventing information leakage, and preventing tracking. Further, tags by their nature do not stay within a single ownership domain, so they have to be transferable, but need to preserve the privacy of each current (and past) owner whose hands they pass through. In RFID applications where multiple parties must read the same tag without the transfer of ownership, the RFID system should ideally include the ability to delegate access to the tag to secondary parties.
If the same RFID tag is used throughout the product lifetime, or if the ID is encrypted with a secret key that remains unchanged, then the product can be tracked along the supply chain. Any party who can access a tag has the ability to do so for the lifetime of the tag, with no regard to the privacy of the current owner. Such tags are vulnerable to unauthorised access, e.g. in the context of industrial espionage, or worse.
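The linkability problem described above can be checked with a short simulation. The following is an added example, not part of the original document: the tag ID, key, location names and the toy XOR cipher are constructed for illustration, and the per-read-fresh response is an assumed generic contrast, not a scheme taken from this document.

```python
import hashlib
import hmac
import os
from collections import defaultdict

TAG_ID = bytes.fromhex("3000112233445566778899aa")  # constructed 96-bit ID
KEY = b"constructed-fixed-key"                       # constructed secret

def plain_id(_read_no):
    """Tag answers every read with its unchanging ID."""
    return TAG_ID

def fixed_key_ciphertext(_read_no):
    # Toy deterministic cipher (XOR with a key-derived pad) standing in for
    # any encryption of the ID under a key that never changes.
    pad = hashlib.sha256(KEY).digest()[:len(TAG_ID)]
    return bytes(a ^ b for a, b in zip(TAG_ID, pad))

def fresh_per_read(_read_no):
    # Assumed contrast: nonce || HMAC(key, nonce || ID), new nonce each read.
    nonce = os.urandom(8)
    return nonce + hmac.new(KEY, nonce + TAG_ID, hashlib.sha256).digest()[:12]

def linkable_sightings(respond, locations):
    """Group sightings by the bytes observed, as a reader without the key
    would see them, and return the largest group tied to one value."""
    seen = defaultdict(list)
    for read_no, loc in enumerate(locations):
        seen[respond(read_no)].append(loc)
    return max(seen.values(), key=len)

# Constructed path of one tagged item through its lifetime
LOCATIONS = ["factory", "port", "warehouse", "store", "home"]

if __name__ == "__main__":
    for scheme in (plain_id, fixed_key_ciphertext, fresh_per_read):
        print(f"{scheme.__name__:22s}", linkable_sightings(scheme, LOCATIONS))
```

The fixed-key ciphertext hides the ID value but is itself a stable identifier, so every sighting still links to the same item; only a response that changes on each read breaks the link.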